package com.key.interceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import com.key.model.User;
import com.key.sys.privilege.SystemPrivilege;
import com.key.sys.privilege.SystemPrivilegePK;

/** 
 * 处理session超时的拦截器 
 */  
public class SessionTimeoutInterceptor  implements HandlerInterceptor{  
      
    public String[] allowUrls;//还没发现可以直接配置不拦截的资源，所以在代码里面来排除  
      
    public void setAllowUrls(String[] allowUrls) {  
        this.allowUrls = allowUrls;  
    }  
  
    @Override  
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,  
            Object arg2) throws Exception {  
        String requestUrl = request.getRequestURI().replace(request.getContextPath(), "");    
        if(null != allowUrls && allowUrls.length>=1)  
            for(String url : allowUrls) {    
                if (requestUrl.contains(url)) {    
                    return true;    
                }    
            }  
          
        User user = (User) request.getSession().getAttribute("user");  
        if(user != null) {    
        	//检查用户权限
        	//拆分行动指令
        	try{
        		int index = requestUrl.indexOf("?");
        		String module = "";
        		String action = "";
        		if(index>-1){
        			String subStr = requestUrl.substring(0, index);
        			int lastIndex = subStr.lastIndexOf("/");
        			if(lastIndex>-1){
        				action = subStr.substring(lastIndex+1,subStr.length());
        				subStr = subStr.substring(0,lastIndex);
        				lastIndex = subStr.lastIndexOf("/");
            			if(lastIndex>-1){
            				module = subStr.substring(lastIndex+1,subStr.length());
            			}
        			}
        		}else{
        			String subStr = requestUrl;
        			int lastIndex = subStr.lastIndexOf("/");
        			if(lastIndex>-1){
        				action = subStr.substring(lastIndex+1,subStr.length());
        				subStr = subStr.substring(0,lastIndex);
        				lastIndex = subStr.lastIndexOf("/");
            			if(lastIndex>-1){
            				module = subStr.substring(lastIndex+1,subStr.length());
            			}
        			}
        		}
        		if(!module.equals("")&&!action.equals("")){
        			//查询是否有权限配置，是否在组织范围内
        			SystemPrivilege privilege = new SystemPrivilege(user,new SystemPrivilegePK(module,action));
        		    boolean result = privilege.isPremission();
        		    if(result==false){
        		    	throw new PremissionException();
        		    }
        		}
        	}catch(Exception e){
        		throw new PremissionException();
        	}
        	
            return true;  //返回true，则这个方面调用后会接着调用postHandle(),  afterCompletion()  
        }else{  
            // 未登录  跳转到登录页面  
            throw new SessionTimeoutException();//返回到配置文件中定义的路径  
        }  
    }  
      
    @Override  
    public void afterCompletion(HttpServletRequest arg0,  
            HttpServletResponse arg1, Object arg2, Exception arg3)  
            throws Exception {  
    }  
  
    @Override  
    public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1,  
            Object arg2, ModelAndView arg3) throws Exception {  
    }  
  
}  